Add api-server and CLI applications

- Create api-server with Bun.serve:
  - oRPC router with stub handlers for all procedures
  - Auth middleware placeholder
  - CORS configuration
- Create CLI tool with stricli:
  - bootstrap command for initial superuser creation
  - Placeholder commands for auth, user, org management

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/cli/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "@reviq/cli",
+  "version": "0.0.0",
+  "private": true,
+  "type": "module",
+  "bin": {
+    "reviq": "./dist/index.js"
+  },
+  "scripts": {
+    "build": "bun build src/bin/reviq.ts --outdir dist --target bun",
+    "cli": "bun run src/bin/reviq.ts",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist"
+  },
+  "dependencies": {
+    "@stricli/core": "^1.2.5",
+    "@reviq/db": "workspace:*",
+    "@noble/hashes": "^2.0.1"
+  },
+  "devDependencies": {
+    "@types/bun": "latest",
+    "@macalinao/tsconfig": "catalog:",
+    "typescript": "catalog:"
+  }
+}

apps/cli/src/bin/reviq.ts

@@ -0,0 +1,122 @@
+#!/usr/bin/env bun
+
+import {
+  buildApplication,
+  buildCommand,
+  buildRouteMap,
+  run,
+} from "@stricli/core";
+
+// Lazy load command implementations
+const bootstrap = buildCommand({
+  loader: async () => import("../commands/bootstrap.js"),
+  parameters: {},
+  docs: {
+    brief: "Create a superuser account",
+  },
+});
+
+const authLogin = buildCommand({
+  loader: async () => import("../commands/auth.js").then((m) => m.login),
+  parameters: {},
+  docs: { brief: "Login to RevIQ (stub)" },
+});
+
+const authLogout = buildCommand({
+  loader: async () => import("../commands/auth.js").then((m) => m.logout),
+  parameters: {},
+  docs: { brief: "Logout from RevIQ (stub)" },
+});
+
+const authStatus = buildCommand({
+  loader: async () => import("../commands/auth.js").then((m) => m.status),
+  parameters: {},
+  docs: { brief: "Check authentication status (stub)" },
+});
+
+const authCommand = buildRouteMap({
+  routes: {
+    login: authLogin,
+    logout: authLogout,
+    status: authStatus,
+  },
+  docs: {
+    brief: "Authentication commands",
+  },
+});
+
+const userCreate = buildCommand({
+  loader: async () => import("../commands/user.js").then((m) => m.create),
+  parameters: {},
+  docs: { brief: "Create a new user (stub)" },
+});
+
+const userConfirmEmail = buildCommand({
+  loader: async () => import("../commands/user.js").then((m) => m.confirmEmail),
+  parameters: {},
+  docs: { brief: "Confirm user email (stub)" },
+});
+
+const userCommand = buildRouteMap({
+  routes: {
+    create: userCreate,
+    "confirm-email": userConfirmEmail,
+  },
+  docs: {
+    brief: "User management commands",
+  },
+});
+
+const orgCreate = buildCommand({
+  loader: async () => import("../commands/org.js").then((m) => m.create),
+  parameters: {},
+  docs: { brief: "Create an organization (stub)" },
+});
+
+const orgList = buildCommand({
+  loader: async () => import("../commands/org.js").then((m) => m.list),
+  parameters: {},
+  docs: { brief: "List organizations (stub)" },
+});
+
+const orgAddSite = buildCommand({
+  loader: async () => import("../commands/org.js").then((m) => m.addSite),
+  parameters: {},
+  docs: { brief: "Add a site to an organization (stub)" },
+});
+
+const orgCommand = buildRouteMap({
+  routes: {
+    create: orgCreate,
+    list: orgList,
+    "add-site": orgAddSite,
+  },
+  docs: {
+    brief: "Organization management commands",
+  },
+});
+
+const rootMap = buildRouteMap({
+  routes: {
+    bootstrap,
+    auth: authCommand,
+    user: userCommand,
+    org: orgCommand,
+  },
+  docs: {
+    brief: "RevIQ CLI for database and user management",
+  },
+});
+
+const app = buildApplication(rootMap, {
+  name: "reviq",
+  versionInfo: {
+    currentVersion: "0.0.0",
+  },
+});
+
+const context = {
+  process,
+};
+
+await run(app, process.argv.slice(2), context);

apps/cli/src/commands/auth.ts

@@ -0,0 +1,25 @@
+import type { CommandContext } from "@stricli/core";
+
+/**
+ * Login command stub
+ */
+export async function login(this: CommandContext): Promise<void> {
+  console.log("Auth login command - Not implemented");
+  console.log("This command will authenticate a user and store credentials");
+}
+
+/**
+ * Logout command stub
+ */
+export async function logout(this: CommandContext): Promise<void> {
+  console.log("Auth logout command - Not implemented");
+  console.log("This command will clear stored authentication credentials");
+}
+
+/**
+ * Status command stub
+ */
+export async function status(this: CommandContext): Promise<void> {
+  console.log("Auth status command - Not implemented");
+  console.log("This command will show current authentication status");
+}

apps/cli/src/commands/bootstrap.ts

@@ -0,0 +1,77 @@
+import type { CommandContext } from "@stricli/core";
+// Password hashing imports (for future implementation)
+// import { scrypt } from "@noble/hashes/scrypt";
+// import { bytesToHex, utf8ToBytes } from "@noble/hashes/utils";
+
+/**
+ * Bootstrap command - creates a superuser account
+ *
+ * This command should be run after dbmate migration to set up
+ * the initial superuser account.
+ *
+ * Uses scrypt for password hashing (Cloudflare Workers compatible via @noble/hashes)
+ */
+export default async function (this: CommandContext): Promise<void> {
+  console.log("RevIQ Bootstrap - Create Superuser");
+  console.log("===================================\n");
+
+  // In a real implementation, we would:
+  // 1. Prompt for email and password using readline or prompts
+  // 2. Validate the input
+  // 3. Hash the password with scrypt (via @noble/hashes)
+  // 4. Connect to the database using @reviq/db
+  // 5. Insert the user with is_superuser=true
+  // 6. Handle errors appropriately
+
+  console.log("TODO: Implement bootstrap command");
+  console.log("\nThis command will:");
+  console.log("  1. Prompt for email address");
+  console.log("  2. Prompt for password (with confirmation)");
+  console.log("  3. Hash password using scrypt (@noble/hashes)");
+  console.log("  4. Create user in database with is_superuser=true");
+  console.log("\nRequirements:");
+  console.log("  - Database must be migrated (run 'dbmate up' first)");
+  console.log("  - DATABASE_URL environment variable must be set");
+
+  // Example of what the implementation would look like:
+  /*
+  import readline from 'readline';
+  import { db } from '@reviq/db';
+  import { randomBytes } from 'crypto';
+
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout,
+  });
+
+  const email = await new Promise<string>((resolve) => {
+    rl.question('Email: ', resolve);
+  });
+
+  const password = await new Promise<string>((resolve) => {
+    rl.question('Password: ', resolve);
+  });
+
+  // Generate a random salt
+  const salt = randomBytes(16);
+
+  // Hash with scrypt using recommended parameters
+  // N=2^14 (16384), r=8, p=1 - good balance of security and performance
+  const hash = scrypt(utf8ToBytes(password), salt, { N: 16384, r: 8, p: 1, dkLen: 32 });
+
+  // Store as: $scrypt$N=16384,r=8,p=1$<salt hex>$<hash hex>
+  const hashedPassword = `$scrypt$N=16384,r=8,p=1$${bytesToHex(salt)}$${bytesToHex(hash)}`;
+
+  await db.insertInto('users')
+    .values({
+      email: email.toLowerCase(),
+      password_hash: hashedPassword,
+      is_superuser: true,
+      email_verified_at: new Date(),
+    })
+    .execute();
+
+  console.log('Superuser created successfully!');
+  rl.close();
+  */
+}

apps/cli/src/commands/org.ts

@@ -0,0 +1,25 @@
+import type { CommandContext } from "@stricli/core";
+
+/**
+ * Create organization command stub
+ */
+export async function create(this: CommandContext): Promise<void> {
+  console.log("Org create command - Not implemented");
+  console.log("This command will create a new organization");
+}
+
+/**
+ * List organizations command stub
+ */
+export async function list(this: CommandContext): Promise<void> {
+  console.log("Org list command - Not implemented");
+  console.log("This command will list all organizations");
+}
+
+/**
+ * Add site to organization command stub
+ */
+export async function addSite(this: CommandContext): Promise<void> {
+  console.log("Org add-site command - Not implemented");
+  console.log("This command will add a site to an organization");
+}

apps/cli/src/commands/user.ts

@@ -0,0 +1,17 @@
+import type { CommandContext } from "@stricli/core";
+
+/**
+ * Create user command stub
+ */
+export async function create(this: CommandContext): Promise<void> {
+  console.log("User create command - Not implemented");
+  console.log("This command will create a new user account");
+}
+
+/**
+ * Confirm email command stub
+ */
+export async function confirmEmail(this: CommandContext): Promise<void> {
+  console.log("User confirm-email command - Not implemented");
+  console.log("This command will confirm a user's email address");
+}

apps/cli/src/context.ts

@@ -0,0 +1,6 @@
+/**
+ * Local context for CLI application
+ */
+export interface LocalContext {
+  readonly process: NodeJS.Process;
+}

apps/cli/tsconfig.json

@@ -0,0 +1,24 @@
+{
+  "extends": "@macalinao/tsconfig/tsconfig.base.json",
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "lib": ["ES2022"],
+    "types": ["@types/bun"],
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true,
+    "isolatedDeclarations": false,
+    "composite": false
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}